October is both Intimate Terrorism (domestic violence) and Cyber-Security Awareness month.
There are going to be a few blogs that specifically deal with cyber-security and a few blogs that deal specifically with intimate terrorism. This is the first blog that deals with cyber-security and we’re going to talk about finances.
It is interesting that Jesus speaks more about finances than any other subject during His time on earth. Also, the only place where God gives permission for us to test Him is in the subject of finances in Malachi 3:10. Finances are an essential part of carrying the gospel work forward you can see many examples of this in the book of Acts and I encourage you to read Acts as it’s one of the best examples for us to see how church finances are properly conducted (as well as improperly). Seeing how important Jesus views finances and the importance it plays in the gospel work it’s important for us to make sure that our finances are secure. But we’ll be talking specifically about online banking. We will have future blogs on general financial security.
In the world of online banking, online currency (called crypto), and mobile deposits, and so on, it is easier and easier for a church’s finances to be abused. By either known or unknown offenders, that is either people in the church whom you trust and know or strangers. You can read more about financial abuse in our Annual report on Faith-Based Abuse which we will be releasing soon.
Today we’re going to look at measures you can take to secure your online finances.
- Multi-Factor Authentication
Multi-factor authentication means that an account uses multiple ways to make sure you’re who you’re supposed to be. A common example of multi-factor authentication is the use of a user name and password. The hope is that if someone gets ahold of the password, they still won’t be able to log in because they don’t have the user name or vice versa. This is now standard practice but you can go further to enhance multi-factor authentication. Some banks can be set up so that if someone tries to log on, they also have to get a security code sent via text or phone call. This is a great way to make sure only authorized people are allowed to access the account.
2) Strong Passwords
Making strong passwords is really more of an art than a science. The strongest passwords are actually pass-phrases. The longer, the better, and the use of some capitals and special symbols helps to enhance it. Use phrases that have little to no association with who your organization is or what you do.
Using passwords like churchbankaccount47 and JesusSavesJohn3:16 are probably not the most secure passwords. Random phrases can still be easy to remember, even when using a few special symbols and capitals.
3) Checks and Balances
I don’t mean checks and balances in the financial term but I mean it’s important to have multiple people who can check on things. Don’t just have your church’s treasurer have sole access to the bank account and be the only one who can view it. Make sure several people can at least view the balance; what’s coming in and what’s going out.
For those who might think that trust should be given to people, that is true, but we should also not give undue opportunity for temptation. Part of building each other up means lifting each other up above temptation and sin. We’re not supposed to make stumbling blocks for our brothers. We’re not only accountable to the church, but even more, we are accountable to God for His finances. Be sure that account statements are read at every board meeting if not being done already.
4) Threshold Amounts
It is possible to have alerts sent to you about withdrawals above a certain amount and sometimes you can have an option to have someone sign off on it before it can be released or transferred.
This is most important to keep hackers from breaking into your account and stealing all the funds at once.
However, to guard against known abusers you also need to look at small, regular transfers or withdrawals. In our Annual Report, we found that known abusers usually steal small amounts over long periods of time. Look at those small, regular transfers and withdrawals and make sure they’re going where they’re supposed to be.
5) Login from Secure Places and with Secure Devices
To login into your church or ministry’s online financial accounts, make sure you don’t do it from the internet cafe or other public wifi. Use a private and secure network. Also on whatever device you use to login to your account, make sure it is secure and running the latest software or you’ve been up to date on patching it.
6) Guarding Against BEC
BEC is Business Email Compromise. This is where someone sends an email asking for a wire transfer to an account they control. They pretend to be a vendor or a person in the company that would legitimately ask or approve of a wire transfer. In 2020 schemes like this cost businesses over 1.8 billion dollars in losses (https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf).
The best way to mitigate this threat is to directly speak to the person requesting the payment, either by phone or in person.
If you have found that your accounts have been compromised or you’ve had money stolen, report it to your FBI field office or the Internet Crime Complaint Center (ic3.gov). If it’s a stranger who went after your account info the FBI may be able to help recover some of the money and can keep this person from going after others. If it’s someone within your church, it may be hard to report them, however, it is important that they cannot steal from God’s treasury. In the Bible, several people stole from God and it was met with severe consequences. By taking some simple steps to keep your online banking secure, you can focus on the minsitry that God wants you to do.
We hope that this blog helped you learn how to keep your online finances safe! We’ll be posting more on cyber-security soon.